LDAP and account experation date

Skip to first unread message

Predrag Punosevac

Oct 26, 2020, 9:24:51 PM10/26/20
to springdale-users

Dear All,

I was wondering if you could kindly share with me your account expiration settings. Namely, I would like LDAP user accounts to be automatically disabled after certain date.
I tried using shadowExpire LDAP attribute.

I am using OpenBSD build in LDAP server as my centralized authentication and authorization server for our not so small ML Lab. I do have

shadowExpire: 15159

attribute set for each user just like in this document (note that 15159 is the time in days from the UNIX epoch, I also tried setting up in seconds).

I also edited my sssd.conf file accordingly per only document I found on this topic on the Red Hat portal

access_provider = ldap
ldap_pwd_policy = shadow
ldap_access_order = pwd_expire_policy_reject

I also see this link

but I don't have Red Hat subscription. I am sure I am not the only one trying to implement account expiration policy.

Reply all
Reply to author
0 new messages